Skip to content

feat: add LinkedIn OAuth 2.0 / OIDC authentication emulator#39

Open
DaleWebb wants to merge 1 commit intovercel-labs:mainfrom
DaleWebb:linkedin
Open

feat: add LinkedIn OAuth 2.0 / OIDC authentication emulator#39
DaleWebb wants to merge 1 commit intovercel-labs:mainfrom
DaleWebb:linkedin

Conversation

@DaleWebb
Copy link
Copy Markdown

@DaleWebb DaleWebb commented Apr 1, 2026

Summary

Adds a new @emulators/linkedin package that emulates LinkedIn's Sign In with LinkedIn using OpenID Connect surface, matching exactly what Better Auth's LinkedIn provider expects.

Endpoints

Method Path Description
GET /.well-known/openid-configuration OIDC discovery document
GET /oauth2/v3/certs JWKS (stub)
GET /oauth/v2/authorization Authorization page (user picker)
POST /oauth/v2/authorization/callback Auth code generation + redirect
POST /oauth/v2/accessToken Token exchange (authorization_code + refresh_token)
GET /v2/userinfo LinkedIn profile (sub, name, given_name, family_name, picture, locale, email, email_verified)
POST /oauth/v2/revoke Token revocation

Features

  • Strict client validation when oauth_clients are seeded (consistent with all other emulators)
  • PKCE support (plain + S256)
  • client_secret_basic (Authorization header) support
  • HS256 id_token signing
  • Seed config for users and oauth_clients
  • Registered in CLI as linkedin service

Structure

Mirrors @emulators/microsoft exactly:

packages/@emulators/linkedin/
  src/
    entities.ts          # LinkedInUser, LinkedInOAuthClient
    helpers.ts           # generateSub()
    store.ts             # getLinkedInStore()
    routes/oauth.ts      # All OAuth/OIDC routes
    index.ts             # Plugin, seedFromConfig, exports
    __tests__/linkedin.test.ts  # 15 tests

Seed config

linkedin:
  users:
    - email: testuser@linkedin.com
      name: Test User
  oauth_clients:
    - client_id: example-linkedin-client-id
      client_secret: example-linkedin-client-secret
      name: My LinkedIn App
      redirect_uris:
        - http://localhost:3000/api/auth/callback/linkedin

Tests

15 tests covering: OIDC discovery, JWKS, authorization page, client validation, full OAuth flow with id_token verification, refresh tokens, single-use auth codes, unsupported grant types, userinfo, token revocation, client_secret_basic auth, and seed config.

@DaleWebb @cursoragent
feat: add LinkedIn OAuth 2.0 / OIDC authentication emulator
b55145d 
Co-authored-by: Dale Alexander Webb <dale@dale-digital.com>
@vercel
Copy link
Copy Markdown
Contributor

vercel bot commented Apr 1, 2026

@DaleWebb is attempting to deploy a commit to the Vercel Labs Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DaleWebb